block display of your images on other web sites

Created by Scott Crevier (St. Norbert College) on July 28, 2005

This topic came up on a discussion list today, so I figured I'd post some info about it. If you have images on your web site that you don't want displayed on other web sites, and you're running Apache, you can easily prevent it. I don't know about a similar solution in other web servers.

This solution does not refer to the situation where someone else actually downloads your image (which is practically impossible to prevent), puts it on their web site, then displays it on a page. It only addresses the situation where someone else refers to the full URL of your image in the the HREF element of the A tag on their page. This of course creates unwanted bandwidth for your site.

Apache allows you to prevent this using the RewriteEngine. Instructions are available in their URL Rewriting Guide. Just find the words "inline-images" on the page.

You'll notice that the solution depends on the browser providing a proper value for the HTTP_REFERER environment variable. Some may say that this is not reliable, and that's indeed true. But while it's not 100% reliable, it's certainly reliable enough for this situation. Think about it. In order for this solution to not work, the browser (user agent) would need to send the wrong data for the referring site. And since the browser is in the control of the person visiting the web site, it's completely out of the control of the web site that wants to display your image. So the solution works very well.

I'm interested to know if there are similar solutions for other web servers.

Scott's blog
Login or register to post comments
3014 reads

		block display of your images on other web sites Created by Scott Crevier (St. Norbert College) on July 28, 2005 This topic came up on a discussion list today, so I figured I'd post some info about it. If you have images on your web site that you don't want displayed on other web sites, and you're running Apache, you can easily prevent it. I don't know about a similar solution in other web servers. This solution does not refer to the situation where someone else actually downloads your image (which is practically impossible to prevent), puts it on their web site, then displays it on a page. It only addresses the situation where someone else refers to the full URL of your image in the the HREF element of the A tag on their page. This of course creates unwanted bandwidth for your site. Apache allows you to prevent this using the RewriteEngine. Instructions are available in their URL Rewriting Guide. Just find the words "inline-images" on the page. You'll notice that the solution depends on the browser providing a proper value for the HTTP_REFERER environment variable. Some may say that this is not reliable, and that's indeed true. But while it's not 100% reliable, it's certainly reliable enough for this situation. Think about it. In order for this solution to not work, the browser (user agent) would need to send the wrong data for the referring site. And since the browser is in the control of the person visiting the web site, it's completely out of the control of the web site that wants to display your image. So the solution works very well. I'm interested to know if there are similar solutions for other web servers. Scott's blog Login or register to post comments 3014 reads
		© Copyright 1999-2009 EDUCAUSE Need Help? \| Feedback \| Privacy Policy
	Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.